Wednesday, December 31, 2014

Question: I would like to know detailed
information about the CPU processor of my computer. What are the
available methods to check CPU information on Linux?

Depending on your need, there are various pieces of information you
may need to know about the CPU processor(s) of your computer, such as
CPU vendor name, model name, clock speed, number of sockets/cores,
L1/L2/L3 cache configuration, available processor capabilities (e.g.,
hardware virtualization, AES, MMX, SSE), and so on. In Linux, there are
many command line or GUI-based tools that are used to show detailed
information about your CPU hardware.

1. /proc/cpuinfo

The simpliest method is to check /proc/cpuinfo. This virtual file shows the configuration of available CPU hardware.

$ more /proc/cpuinfo

By inspecting this file, you can identify the number of physical processors, the number of cores per CPU, available CPU flags, and a number of other things.

2. cpufreq-info

The cpufreq-info command (which is part of cpufrequtils
package) collects and reports CPU frequency information from the
kernel/hardware. The command shows the hardware frequency that the CPU
currently runs at, as well as the minimum/maximum CPU frequency allowed,
CPUfreq policy/statistics, and so on. To check up on CPU #0:

5. hardinfo

The hardinfo is a GUI-based system information tool which
can give you an easy-to-understand summary of your CPU hardware, as well
as other hardware components of your system.

$ hardinfo

6. inxi

inxi is a bash script written to gather system information
in a human-friendly format. It shows a quick summary of CPU information
including CPU model, cache size, clock speed, and supported CPU
capabilities.

$ inxi -C

7. likwid-topology

likwid
(Like I Knew What I'm Doing) is a collection of command-line tools to
measure, configure and display hardware related properties. Among them
is likwid-topology which shows CPU hardware
(thread/cache/NUMA) topology information. It can also identify
processor families (e.g., Intel Core 2, AMD Shanghai).

8. lscpu

The lscpu command summarizes /etc/cpuinfo content in a more
user-friendly format, e.g., the number of (online/offline) CPUs, cores,
sockets, NUMA nodes.

$ lscpu

9. lshw

The lshw command is a comprehensive hardware query tool. Unlike other tools, lshw
requires root privilege because it query DMI information in system
BIOS. It can report the total number of cores and enabled cores, but
miss out on information such as L1/L2/L3 cache configuration. The GTK
version lshw-gtk is also available.

$ sudo lshw -class processor

10. lstopo

The lstopo command (contained in hwloc
package) visualizes the topology of the system which is composed of
CPUs, cache, memory and I/O devices. This command is useful to identify
the processor architecture and NUMA topology of the system.

$ lstopo

11. numactl

Originally developed to set the NUMA scheduling and memeory placement policy of Linux processes, the numactl command can also show information about NUMA topology of the CPU hardware from the command line.

Linux desktop comes with a display manager (e.g., GDM, KDM, LightDM),
which lets the desktop machine automatically boot into a GUI-based
login environment. However, what if you want to disable GUI and boot
straight into a text-mode console? For example, you are troubleshooting
desktop related issues, or want to run a heavy-duty application that
does not require desktop GUI.
Note that you can temporarily switch from desktop GUI to a virtual
console by pressing Ctrl+Alt+F1 to F6. However, in this case your
desktop GUI will be still running in the background, and thus is
different from pure text-mode booting.
On Ubuntu or Debian desktop, you can enable text-mode booting by passing appropriate kernel parameters.

Boot into Command-line Temporarily

If you want to disable desktop GUI and boot in text-mode just one-time, you can use GRUB menu interface.
First, power on your desktop. When you see the initial GRUB menu, press 'e'.
This will lead you to the next screen, where you can modify kernel
booting parameters. Scroll down the screen to look for a line that
begins with "linux", which indicates a list of kernel parameters.
Remove from the list "quiet" and "splash". Add "text" in the list
instead.
The updated kernel parameter list looks like the following. Press
Ctrl+x to continue booting. This will enable one-time console booting
in verbose mode.

Boot into Command-line Permanently

If you want to boot into command-line permanently, you need to update GRUB configuration which defines kernel booting parameters.
Open a default GRUB config file with a text editor.

$ sudo vi /etc/default/grub

Look for a line that starts with GRUB_CMDLINE_LINUX_DEFAULT, and
comment out that line by prepending # sign. This will disable the
initial splash screen, and enable verbose mode (i.e., showing the
detailed booting procedure).
Then change GRUB_CMDLINE_LINUX="" to:

GRUB_CMDLINE_LINUX="text"

Next, uncomment the line that says "#GRUB_TERMINAL=console".
The updated GRUB defult configuration looks like the following.
Finally, invoke update-grub command to re-generate a GRUB2 config file under /boot, based on these changes.

$ sudo update-grub

At this point, your desktop should be switched from GUI booting to console booting. Verify this by rebooting.

The main problem that users experience after following my tutorials for dual booting Ubuntu and Windows 8 is that their computer continues to boot directly into Windows 8 with no option for running Ubuntu.
Here are two ways to fix the EFI boot loader to get the Ubuntu portion to boot correctly.

Set GRUB2 As The Bootloader.

1.
Make GRUB The Active Bootloader

There are a few things that may have gone wrong during the installation.In theory if you have managed to install Ubuntu in the first place then you will have turned off fast boot.Hopefully you followed this guide to create a bootable UEFI Ubuntu USB drive as this installs the correct UEFI boot loader.If you have done both of these things as part of the
installation, the bit that may have gone wrong is the part where you set
GRUB2 as the boot manager.To set GRUB2 as the default bootloader follow these steps:

Login to Windows 8

Go to the desktop

Right click on the start button and choose administrator command prompt

When you do a directory listing you will see a folder for Ubuntu. Type dir.

There should be options for grubx64.efi and shimx64.efi

Run the following command to set grubx64.efi as the bootloader:

bcdedit /set {bootmgr} path \EFI\ubuntu\grubx64.efi

Reboot your computer

You should now have a GRUB menu appear with options for Ubuntu and Windows.

If your computer still boots straight to Windows repeat steps 1 through 7 again but this time type:

bcdedit /set {bootmgr} path \EFI\ubuntu\shimx64.efi

Reboot your computer

What you are doing here is logging into the Windows administration
command prompt, mapping a drive to the EFI partition so that you can see
where the Ubuntu bootloaders are installed and then either choosing
grubx64.efi or shimx64.efi as the bootloader.
So what is the difference between grubx64.efi and shimx64.efi? You should choose grubx64.efi if secureboot is turned off. If secureboot is turned on you should choose shimx64.efi.
In my steps above I have suggested trying one and then trying
another. The other option is to install one and then turn secure boot on
or off within the UEFI firmware for your computer depending on the
bootloader you chose.

rEFIind.

2.
Use rEFInd To Dual Boot Windows 8 And Ubuntu

The rEFInd boot loader
works by listing all of your operating systems as icons. You will
therefore be able to boot Windows, Ubuntu and operating systems from USB
drives simply by clicking the appropriate icon.To download rEFInd for Windows 8 click here.After you have downloaded the file extract the zip file.Now follow these steps to install rEFInd.

Go to the desktop

Right click on the start button and choose administrator command prompt

You should now have a menu similar to the image above with options to boot Windows and Ubuntu

​
This process is fairly similar to choosing the GRUB bootloader. Basically it involves downloading rEFInd, extracting the files.
copying the files to the EFI partition, renaming the configuration file
and then setting rEFInd as the boot loader.

Summary

Hopefully this guide has solved the issues that some of you have been having with dual booting Ubuntu and Windows 8.1.
If you are still having issues feel free to get back in touch using the email link above.

Sunday, December 28, 2014

An Apache HTTP server in production environments can be under attack
in various different ways. Attackers may attempt to gain access to
unauthorized or forbidden directories by using brute-force attacks or
executing evil scripts. Some malicious bots may scan your websites for
any security vulnerability, or collect email addresses or web forms to
send spams to.

Apache HTTP server comes with comprehensive logging capabilities
capturing various abnormal events indicative of such attacks. However,
it is still non-trivial to systematically parse detailed Apache logs and
react to potential attacks quickly (e.g., ban/unban offending IP
addresses) as they are perpetrated in the wild. That is when fail2ban comes to the rescue, making a sysadmin's life easier.fail2ban is an open-source intrusion prevention tool which
detects various attacks based on system logs and automatically initiates
prevention actions e.g., banning IP addresses with iptables, blocking connections via /etc/hosts.deny, or notifying the events via emails. fail2ban
comes with a set of predefined "jails" which use application-specific
log filters to detect common attacks. You can also write custom jails to
deter any specific attack on an arbitrary application.

In this tutorial, I am going to demonstrate how you can configure fail2ban to protect your Apache HTTP server. I assume that you have Apache HTTP server and fail2ban already installed. Refer to another tutorial for fail2ban installation.

What is a Fail2ban Jail

Let me go over more detail on fail2ban jails. A jail defines an application-specific policy under which fail2ban triggers an action to protect a given application. fail2ban
comes with several jails pre-defined in /etc/fail2ban/jail.conf, for
popular applications such as Apache, Dovecot, Lighttpd, MySQL, Postfix, SSH,
etc. Each jail relies on application-specific log filters (found in
/etc/fail2ban/fileter.d) to detect common attacks. Let's check out one
example jail: SSH jail.

1

2

3

4

5

6

7

[ssh]

enabled = true

port = ssh

filter = sshd

logpath = /var/log/auth.log

maxretry = 6

banaction = iptables-multiport

This SSH jail configuration is defined with several parameters:

[ssh]: the name of a jail with square brackets.

enabled: whether the jail is activated or not.

port: a port number to protect (either numeric number of well-known name).

filter: a log parsing rule to detect attacks with.

logpath: a log file to examine.

maxretry: maximum number of failures before banning.

banaction: a banning action.

Any parameter defined in a jail configuration will override a corresponding fail2ban-wide default parameter. Conversely, any parameter missing will be assgined a default value defined in [DEFAULT] section.
Predefined log filters are found in /etc/fail2ban/filter.d, and available actions are in /etc/fail2ban/action.d.
If you want to overwrite fail2ban defaults or define any custom jail, you can do so by creating /etc/fail2ban/jail.local file. In this tutorial, I am going to use /etc/fail2ban/jail.local.

Enable Predefined Apache Jails

Default installation of fail2ban offers several predefined
jails and filters for Apache HTTP server. I am going to enable those
built-in Apache jails. Due to slight differences between Debian and Red
Hat configurations, let me provide fail2ban jail configurations for them separately.

Enable Apache Jails on Debian or Ubuntu

To enable predefined Apache jails on a Debian-based system, create /etc/fail2ban/jail.local as follows.

$ sudo vi /etc/fail2ban/jail.local

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

# detect password authentication failures

[apache]

enabled = true

port = http,https

filter = apache-auth

logpath = /var/log/apache*/*error.log

maxretry = 6

# detect potential search for exploits and php vulnerabilities

[apache-noscript]

enabled = true

port = http,https

filter = apache-noscript

logpath = /var/log/apache*/*error.log

maxretry = 6

# detect Apache overflow attempts

[apache-overflows]

enabled = true

port = http,https

filter = apache-overflows

logpath = /var/log/apache*/*error.log

maxretry = 2

# detect failures to find a home directory on a server

[apache-nohome]

enabled = true

port = http,https

filter = apache-nohome

logpath = /var/log/apache*/*error.log

maxretry = 2

Since none of the jails above specifies an action, all of these jails
will perform a default action when triggered. To find out the default
action, look for "banaction" under [DEFAULT] section in
/etc/fail2ban/jail.conf.

1

banaction = iptables-multiport

In this case, the default action is iptables-multiport (defined in /etc/fail2ban/action.d/iptables-multiport.conf). This action bans an IP address using iptables with multiport module.

After enabling jails, you must restart fail2ban to load the jails.

$ sudo service fail2ban restart

Enable Apache Jails on CentOS/RHEL or Fedora

To enable predefined Apache jails on a Red Hat based system, create /etc/fail2ban/jail.local as follows.

Note that the default action for all these jails is iptables-multiport (defined as "banaction" under [DEFAULT] in /etc/fail2ban/jail.conf). This action bans an IP address using iptables with multiport module.
After enabling jails, you must restart fail2ban to load the jails in fail2ban.
On Fedora or CentOS/RHEL 7:

$ sudo systemctl restart fail2ban

On CentOS/RHEL 6:

$ sudo service fail2ban restart

Check and Manage Fail2ban Banning Status

Once jails are activated, you can monitor current banning status with fail2ban-client command-line tool.
To see a list of active jails:

$ sudo fail2ban-client status

To see the status of a particular jail (including banned IP list):

$ sudo fail2ban-client status [name-of-jail]

You can also manually ban or unban IP addresses.
To ban an IP address with a particular jail:

$ sudo fail2ban-client set [name-of-jail] banip [ip-address]

To unban an IP address blocked by a particular jail:

$ sudo fail2ban-client set [name-of-jail] unbanip [ip-address]

Summary

This tutorial explains how a fail2ban jail works and how to
protect an Apache HTTP server using built-in Apache jails. Depending on
your environments and types of web services you need to protect, you
may need to adapt existing jails, or write custom jails and log filters.
Check outfail2ban's official Github page for more up-to-date examples of jails and filters.
Are you using fail2ban in any production environment? Share your experience.

Wednesday, December 24, 2014

Question: I am aware that there exist SSH
protocol version 1 and 2 (SSH1 and SSH2). What is the difference
between SSH1 and SSH2, and how can I check which SSH protocol version is
supported on a Linux server?

Secure Shell (SSH) is a network protocol that enables remote login or
remote command execution between two hosts over a cryptographically
secure communication channel. SSH was designed to replace insecure
clear-text protocols such as telnet, rsh or rlogin. SSH provides a
number of desirable features such as authentication, encryption, data
integrity, authorization, and forwarding/tunneling.

SSH1 vs. SSH2

The SSH protocol specification has a number of minor version differences, but there are two major versions of the protocol: SSH1 (SSH version 1.XX) and SSH2 (SSH version 2.00).

In fact, SSH1 and SSH2 are two entirely different protocols with no
compatibility in between. SSH2 is a significantly improved version of
SSH1 in many respects. First of all, while SSH1 is a monolithic design
where several different functions (e.g., authentication, transport,
connection) are packed into a single protocol, SSH2 is a layered
architecture designed with extensibility and flexibility in mind. In
terms of security, SSH2 comes with a number of stronger security
features than SSH1, such as MAC-based integrity check, flexible session
re-keying, fully-negotiable cryptographic algorithms, public-key
certificates, etc.

SSH2 is standardized by IETF, and as such its implementation is
widely deployed and accepted in the industry. Due to SSH2's popularity
and cryptographic superiority over SSH1, many products are dropping
support for SSH1. As of this writing, OpenSSH still supports both SSH1 and SSH2, while on all modern Linux distributions, OpenSSH server comes with SSH1 disabled by default.

Check Supported SSH Protocol Version

Method One

If you want to check what SSH protocol version(s) are supported by a local OpenSSH server, you can refer to /etc/ssh/sshd_config file. Open /etc/ssh/sshd_config with a text editor, and look for "Protocol" field.

If it shows the following, it means that OpenSSH server supports SSH2 only.

1

Protocol 2

If it displays the following instead, OpenSSH server supports both SSH1 and SSH2.

1

Protocol 1,2

Method Two

If you cannot access /etc/ssh/sshd_config because OpenSSH server is
running on a remote server, you can test its SSH protocol support by
using SSH client program called ssh. More specifically, we force ssh to use a specific SSH protocol, and see how the remote SSH server responds.

The following command will force ssh command to use SSH1:

$ ssh -1 user@remote_server

The following command will force ssh command to use SSH2:

$ ssh -2 user@remote_server

If the remote SSH server supports SSH2 only, the first command with "-1" option will fails with an error message like this:

Protocol major versions differ: 1 vs. 2

If the SSH server supports both SSH1 and SSH2, both commands should work successfully.

Method Three

Another method to check supported SSH protocol version of a remote SSH server is to run an SSH scanning tool called scanssh.
This command-line tool is useful when you want to check SSH protocol
versions for a bulk of IP addresses or the entire local network to
upgrade SSH1-capable SSH servers.

Here is the basic syntax of scanssh for SSH version scanning.

$ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix]

The "-n" option can specify the SSH port number(s) to scan. You can
specify multiple port numbers separated by comma. Without this option, scanssh will scan port 22 by default.

Use the following command to discover SSH servers on 192.168.1.0/24 local nework, and detect their SSH protocol versions:

$ sudo scan -s ssh 192.168.1.0/24

If scanssh reports "SSH-1.XX-XXXX" for a particular IP address, it implies that the minimum SSH protocol version supported by the corresponding SSH server is SSH1. If the remote server supports SSH2 only, scanssh will show "SSH-2.0-XXXX".

Q:1 How to check current run level of a linux server ?
Ans: ‘who -r’ & ‘runlevel’ commands are used to check the current runlevel of a linux box.

Q:2 How to check the default gatway in linux ?
Ans: Using the commands “route -n” and “netstat -nr” , we can check
default gateway. Apart from the default gateway info , these commands
also display the current routing tables .

Above command will create the initrd file
for the current version. To rebuild the initrd file for a specific
kernel , use below command :

# dracut -f initramfs-2.x.xx-xx.el6.x86_64.img 2.x.xx-xx.el6.x86_64

Q:4 What is cpio command ?
Ans: cpio stands for Copy in and copy out. Cpio copies files, lists and extract files to and from a archive ( or a single file).

Q:5 What is patch command and where to use it ?
Ans: As the name suggest patch command is used to apply changes ( or
patches) to the text file. Patch command generally accept output from
the diff and convert older version of files into newer versions. For
example Linux kernel source code consists of number of files with
millions of lines , so whenever any contributor contribute the changes ,
then he/she will be send the only changes instead of sending the whole
source code. Then the receiver will apply the changes with patch command
to its original source code.

Create a diff file for use with patch,

# diff -Naur old_file new_file > diff_file

Where old_file and new_file are either
single files or directories containing files. The r option supports
recursion of a directory tree.

Once the diff file has been created, we can apply it to patch the old file into the new file:

# patch < diff_file

Q:6 What is use of aspell ?
Ans: As the name suggest aspell is an interactive spelling checker in
linux operating system. The aspell command is the successor to an
earlier program named ispell, and can be used, for the most part, as a
drop-in replacement. While the aspell program is mostly used by other
programs that require spell-checking capability, it can also be used
very effectively as a stand-alone tool from the command line.

Q:7 How to check the SPF record of domain from command line ?
Ans: We can check SPF record of a domain using dig command. Example is shown below :

linuxtechi@localhost:~$ dig -t TXT google.com

Q:8 How to identify which package the specified file (/etc/fstab) is associated with in linux ?
Ans: # rpm -qf /etc/fstab

Above command will list the package which provides file “/etc/fstab”

Q:9 Which command is used to check the status of bond0 ?
Ans: cat /proc/net/bonding/bond0

Q:10 What is the use of /proc file system in linux ?
Ans: The /proc file system is a RAM based file system which maintains
information about the current state of the running kernel including
details on CPU, memory, partitioning, interrupts, I/O addresses, DMA
channels, and running processes. This file system is represented by
various files which do not actually store the information, they point to
the information in the memory. The /proc file system is maintained
automatically by the system.

Q:11 How to find files larger than 10MB in size in /usr directory ?
Ans: # find /usr -size +10MQ:12 How to find files in the /home directory that were modified more than 120 days ago ?
Ans: # find /home -mtime +l20Q:13 How to find files in the /var directory that have not been accessed in the last 90 days ?
Ans: # find /var -atime -90Q:14 Search for core files in the entire directory tree and delete them as found without prompting for confirmation
Ans: # find / -name core -exec rm {} \;Q:15 What is the purpose of strings command ?
Ans: The strings command is used to extract and display the legible contents of a non-text file.Q:16 What is the use tee filter ?
Ans: The tee filter is used to send an output to more than one
destination. It can send one copy of the output to a file and another to
the screen (or some other program) if used with pipe.linuxtechi@localhost:~$ ll /etc | nl | tee /tmp/ll.out
In the above example, the output from ll is numbered and captured in
/tmp/ll.out file. The output is also displayed on the screen.Q:17 What would the command export PS1 = ”$LOGNAME@`hostname`:\$PWD: do ?
Ans: The export command provided will change the login prompt to display username, hostname, and the current working directory.Q:18 What would the command ll | awk ‘{print $3,”owns”,$9}’ do ?
Ans: The ll command provided will display file names and their owners.Q:19 What is the use of at command in linux ?
Ans: The at command is used to schedule a one-time execution of a
program in the future. All submitted jobs are spooled in the
/var/spool/at directory and executed by the atd daemon when the
scheduled time arrives.Q:20 What is the role of lspci command in linux ?
Ans: The lspci command displays information about PCI buses and the
devices attached to your system. Specify -v, -vv, or -vvv for detailed
output. With the -m option, the command produces more legible output.

Monday, December 22, 2014

Question: I know I can rename a file using mv command. But what if I want to change the name of many files? It will be tedius to invoke mv command for every such file. Is there a more convenient way to rename multiple files at once?

In Linux, when you want to change a file name, mv command gets the job done. However, mv cannot rename multiple files using wildcard. There are ways to deal with multiple files by using a combination of sed, awk or find in combination of xargs. However, these are rather cumbersome and not user-friendly.

When it comes to renaming multiple files, the rename utility is probably the easiest and the most powerful command-line tool. The rename command is actually a Perl script, and comes pre-installed on all modern Linux distributions.

Here is the basic syntax of rename command.

rename [-v -n -f]

is a Perl-compatible regular expression (PCRE) which
represents file(s) to rename and how.

This regular expression is in the
form of 's/old-name/new-name/'.

The '-v' option shows the details of file name changes (e.g., XXX renamed as YYY).
The '-n' option tells rename to show how the files would be renamed without actually changing the names. This option is useful when you want to simulate filename change without touching files.
The '-f' option force overwriting existing files.

In the following, let's see several rename command examples.

Change File Extensions

Suppose you have many image files with .jpeg extension. You want to
change their file names to *.jpg. The following command converts *.jpeg
files to *.jpg.

$ rename 's/\.jpeg$/\.jpg/' *.jpeg

Convert Uppercase to Lowercase and Vice-Versa

In case you want to change text case in filenames, you can use the following commands.
To rename all files to lower-case:

# rename 'y/A-Z/a-z/' *

To rename all files to upper-case:

# rename 'y/a-z/A-Z/' *

Change File Name Patterns

Now let's consider more complex regular expressions which involve
subpatterns. In PCRE, a subpattern captured within round brackets can
be referenced by a number preceded by a dollar sign (e.g., $1, $2).
For example, the following command will rename 'img_NNNN.jpeg' to 'dan_NNNN.jpg'.

Sunday, December 21, 2014

Server-sent events (SSE) is a web technology where a browser receives
automatic updates from a server via HTTP protocol. SSE was known before
as EventSource and first is introduced in 2006 by Opera. During 2009
W3C started to work on first draft. And here is a latest W3C proposed recommendation
from December 2014. It is little know feature that was implemented by
all major web browsers except Internet Explorer and may be this is the
reason why it is not widely known and used. The idea behind Server-sent
events is very simple – a web application subscribes to a stream of
updates generated by a server and, whenever a new event occurs, a
notification is sent to the client. But to really understand power
of Server-Sent Events, we need to understand the limitations of AJAX
version. First was Polling – polling is a technique used by majority of
AJAX applications. Idea is that the JavaScript via AJAX repeatedly polls
a server for a new data in a given interval (5 seconds for example). If
there is new data, server returns it. If there is no new data, server
simply return nothing. The problem with this technique is that creates
additional overhead. Each time connection needs to be open and then
closed.

Advertisements

Next
method that was introduces was Long polling (aka COMET). Difference
between polling and long polling is that when request is made and there
is no data – server simply hangs until new data comes. Then server
returns data and closes connection. This was also know as hanging GET
method. So instead to returns empty response server waits until data
comes, then returns data and closes HTTP connection. Next comes WebSocket
which is bi-directional rich media protocol and can be used in a lot of
cases. But WebSocket needs a different protocol, different server side
code and it is a little bit complicated compared to SSE. So what is
good for Server-sent events? It could be used in cases when data
communicates in one way – from server to client. Here are couple of
cases which SSE is very useful: real-time stock prices update; live
score and sports events; server monitoring web applications. Benefit
of using Server-sent events instead of AJAX polling or long polling is
that technology is directly supported by major web browsers; protocol
that is used is HTTP so it is very easy to implement it on server side
as well. SSE does not generate overhead and everything that you need is
handled by web browser. Here is current state of SSE support.

Protocol description

Data
are sent in plain text. So SSE is not suitable for binary data, but it
is perfect for text events. First step is to set correct response header
Content-Type to text/event-stream.

header("Content-Type: text/event-stream");

Next step is to construct and send data. Basically response contains keyword data followed by data you want to send and two new lines.

Advertisements

data: Hello World!\n\n

If you want to send multiple lines you can separate them by one new line.

But what happens when connection is lost or closed – well browser opens again connection after 3 seconds. To control re-connection time you should use a keyword retry
with first message. Number passed after retry is in milliseconds. Here
is example – tell browser to reconnect after 2 seconds if HTTP
connection is lost.

When browser reconnects meanwhile some event happens how do you know which was sent and which was not – well you can associate unique id with each event. When reconnects browser send HTTP header Last-Event-ID. Based on that header you know which is the last event browser received.

id: 1\n
data: Hello World!\n\n
id: 2\n
data: Second message\n\n

JavaScript API

Using EventSource in browser is simple and easy. First you check that browser supports EventSource API then you create event source by passing URL to which to listen.

Most important properties of Event object passed to listener functions are data and lastEventId.
One
interesting feature is named events. You can specify name of different
events and on client side different listeners to be fired based on that
events.

event: priceUp\n
data: GOOG:540\n\n

Then on client side you can subscribe to this event by passing it to listener function:

Show me example

After so many words and code snippets I
put all together and created simple Stock Tickets web application that
updates price of some selected stocks. Data source is not real but it is
simple multidimensional array with very simple structure – ticked –
price. Otherwise everything is real and could be used to explore and
study the code.

Whether you are an amateur musician or just a student recording his
professor, you need to edit and work with audio recordings. If for a
long time such task was exclusively attributed to Macintosh, this time
is over, and Linux now has what it takes to do the job. In short, here
is a non-exhaustive list of good audio editing software, fit for
different tasks and needs.

1. Audacity

Let's get started head on with my personal favorite. Audacity
works on Windows, Mac, and Linux. It is open source. It is easy to use.
You get it: Audacity is almost perfect. This program lets you
manipulate the audio waveform from a clean interface. In short, you can
overlay tracks, cut and edit them easily, apply effects, perform
advanced sound analysis, and finally export to a plethora of format. The
reason I like it so much is that it combines both basic features with
more complicated ones, but maintain an easy leaning curve. However, it
is not a fully optimized software for hardcore musicians, or people with
professional knowledge.

2. Jokosher

On a different level, Jokosher
focuses more on the multi-track aspect for musical artists. Developed
in Python and using the GTK+ interface with GStreamer for audio
back-end, Jokosher really impressed me with its slick interface and its
extensions. If the editing features are not the most advanced, the
language is clear and directed to musicians. And I really like the
association between tracks and instruments for example. In short, if you
are starting as a musician, it might be a good place to get some
experience before moving on to more complex suites.

3. Ardour

And talking about compex suites, Ardour
is complete software for recording, editing, and mixing. Designed this
time to appeal to all professionals, Ardour features in term of sound
routing and plugins go way beyond my comprehension. So if you are
looking for a beast and are not afraid to tame it, Ardour is probably a
good pick. Again, the interface contributes to its charm, as well as its
extensive documentation. I particularly appreciated the first-launch
configuration tool.

4. Kwave

For all KDE lovers, KWave
corresponds to your idea of design and features. There are plenty of
shortcuts and interesting options, like memory management. Even if the
few effects are nice, we are more dealing with a simple tool to
cut/paste audio together. It becomes shard not to compare it with
Audacity unfortunately. And on top of that, the interface did not appeal
to me that much.

5. Qtractor

If Kwave is too simplistic for you but a Qt-based program really has some appeal, then Qtractor
might be your option. It aims to be "simple enough for the average home
user, and yet powerful enough for the professional user." Indeed the
quantity of features and options is almost overwhelming. My favorite
being of course customizable shortcuts. Apart from that, Qtractor is
probably one of my favorite tools to deal with MIDI files.

6. LMMS

Standing for Linux MultiMedia Studio, LMMS
is directly targeted for music production. If you do not have prior
experience and do not want to spend too much time getting some, go
elsewhere. LMMS is one of those complex but powerful software that only a
few will truly master. The number of features and effects is simply too
long to list, but if I had to pick one, I would say that the Freeboy
plugin to emulate Game Boy sound system is just magical. Past that, go
see their amazing documentation.

7. Traverso

Finally, Traverso stood out to me for its unlimited track count and
its direct integration with CD burning capacities. Aside from that, it
appeared to me as a middle man between a simplistic software and a
professional program. The interface is very KDE-like, and the keyboard
configuration is always welcome. And cherry on the cake, Traverso
monitors your resources and make sure that your CPU or hard drive does
not go overboard.
To conclude, it is always a pleasure to see such a large diversity of
applications on Linux. It makes finding the software that best fits
your needs always possible. While my personal favorite stays Audacity, I
was very surprised by the design of programs like LMMS or Jokosher.
Did we miss one? What do you use for audio editing on Linux? And why? Let us know in the comments.

Whether playing on Linux or working on Linux there is a
good chance you have come across a program written in python. Back in
college I wish they thought us Python instead of Java, it’s fun to learn
and useful in building practical applications like the yum package
manager.
In this tutorial I will take you through how I built a simple application which displays useful information like memory usage per process, CPU percentage etc using python and a micro framework called flask.Prerequisites
Python Basics, Lists, Classes, Functions, Modules.
HTML/CSS (basic)
You don’t have to be an advanced python programmer to follow this
tutorial, But before you go further I recommend you read
https://wiki.python.org/moin/BeginnersGuide/NonProgrammersInstalling Python 3 on Linux
On most Linux distributions python is installed by default. This is how you can find out the python version on your system.

[root@linux-vps ~]# python -V
Python 2.7.5

We will be using python version 3.x to build our app. As per Python.org all improvements are now only available in this version which is not backward compatible with python 2.Caution: Before your proceed I strongly recommend
you try this tutorial out on a Virtual machine, since python is a core
component of many Linux Distributions any accidents may cause permanent
damage to your system.
This step is for RedHat based variants like CentOS (6&7), Debian
based variants like Ubuntu,Mint and Rasbian can skip this step as you
should have python version 3 installed by default. If not use apt-get
instead of yum to install the relevant packages below.

Python Virtual Environment
In Python a virtual environment is a directory where your projects
dependencies are installed. This is a good way to segregate projects
with different dependencies. It also allows you to install packages
without the need for sudo access.

To create the virtual environment you will need to use the
“pyvenv-3.4” command. This will create a directory called “lib” inside
the venv folder where the dependencies for this project will be
installed. It will also create a bin folder which will contain pip and
python executables for this virtual environment.Activating the Virtual Environment for our Linux system information project

stdout and stderr will store the output and error of this command
respectively. You can then access this output via the communicate method
of the Popen class.

out,error = cmd.communicate()

To display the output in a better way via the html template, I have used the splitlines () method,

memory = out.splitlines()

More information on python subprocess module is available in the docs at the end of this tutorial.
Step 3: Create an html template where we can display the output of our command.
In order to do this we need to use the Jinja2 template engine in flask which will do the template rendering for us.
Your final index.py file should look as follows

Now create an index.html template inside the templates folder, flask will search for templates in this folder.

[leo@linux-vps python3.4-flask]vim app/templates/index.html

Memory usage per process

{% for line in memory %}
{{ line.decode('utf-8') }}
{% endfor %}

The Jinja2 template engine allows you to use the “{{ … }}” delimiter
to print results and {% … %} for loops and value assignment. I used
the “decode()” method for formatting purposes.
Step 4: Running the app.

I have added more code to the app so that it gives you cpu, I/O and load avg as well.
You can access the code to this app here.
This is a brief introduction to flask and I recommend you reading the tutorials and docs below for indepth information.
http://flask.pocoo.org/docs/0.10/quickstart/#
https://docs.python.org/3.4/library/subprocess.html#popen-constructor
http://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-i-hello-world

The
cloud is the future, and now is the time to start learning more about
how you can use OpenStack to solve your organization's IT infrastructure
needs. Fortunately, we're here to help with that.
Every month, we compile the very best of recently published how-tos,
guides, tutorials, and tips into this handy collection. And don't
forget, for much more information beyond these snippets, the official documentation for OpenStack is always a great place to look.

First up this month is a look at importing and converting disk images for OpenStack Glance directly in Ceph.
Writes Sébastian Han, "Ceph, to work in optimal circumstances, requires
the usage of RAW images. However, it is painful to upload RAW images in
Glance because it takes a while. Let see how we can make our life
easier."

Next, let's take a dive into dealing with attached storage volumes.
What happens when a launched instance gets deleted but due to some, erm,
strangeness in your system, the disk image attached to it remains? How
do you go about getting rid of that disk? Learn what to do in this guide
to deleting root volumes attached to non-existent images.

Are you an OpenStack contributor? This tip is for you. Have you ever wondered how to compare two different patchsets in Gerrit? Sylvain Bauza shares a little bit about how his review process works.

Most datacenters are a mixed environment of old and new, with
different applications at different places in their lifecycle, and
different support tools underlying them. It's not uncommon to need to
support a variety of different hypervisors. Fortunately, OpenStack can
handle that. Learn how to deploy OpenStack in a multi-hypervisor environment.

Your application layer may be stuck on a closed source operating
system, but that doesn’t mean you can’t run it in your open source
datacenter with OpenStack. If you need to build a Windows image to use
with OpenStack, here's how. Bonus tip: want to do the same thing with FreeBSD? There's a solution to that too. Of course many Linux distributions, including the recently-released Fedora 21, are OpenStack-ready on day one.

Okay, one more for those OpenStack core developers. Setting up unit
test suites with Python virtual environments is a common practice, but
it can be a time consuming one. Daniel P. Berrangé writes up a way to do
faster rebuilds for Python virtualenv trees.

Our final tutorial this month isn't just a single guide, but rather a
collection of helpful posts that detail the process of deploying
OpenStack through a variety of different methods. Edmund Haselwanter
takes you through deploying OpenStack with Chef-server, Chef-zero, RPC, Fuel, and my favorite, with RDO Packstack.

That's it for this month. Check out our complete OpenStack tutorials collection for more great guides and hints. And if we missed your favorite new guide or resource, let us know in the comments!

As the virtualization of U.S. defense agencies commences, the technology’s many attributes—and drawbacks—are becoming apparent.

Virtualization has enabled users to pack more computing power in a
smaller space than ever before. It has also created an abstraction layer
between the operating system and hardware, which gives users choice,
flexibility, vendor competition and best value for their requirements.
But there is a price to be paid in the form of expensive and cumbersome
equipment, software licensing and acquisition fees, and long install
times and patch cycles.

These challenges have led many administrators to turn to application
container technology for answers to their virtualization needs. For this
article, we’ll focus specifically on Linux containers, which are made
of two core components: the container technology itself and application
packaging technology. They enable multiple isolated Linux systems to run
on a single control host. Most importantly, they enable the warfighter
to have more capabilities in a fraction of the space required by
traditional virtualization.

Getting past tradition

In traditional virtualization, each application runs on its own guest
operating system. These operating systems need to be individually
purchased, installed, and maintained throughout their lifecycles. That
can be time-consuming and costly.

With Linux containers, only one Linux operating system needs to be
purchased, installed, and maintained. Instead of separating every
application by installing them on their own guest operating systems,
Linux containers are separated using control groups (cgroups) for
resource management; namespaces for process isolation; and NSA-developed
Security-Enhanced Linux (SELinux) for security, which enables secure multi-tenancy and reduces the potential for security exploits.

Photo from Dave Egts

The SELinux-based Linux container isolation provides an additional layer of defense for KVM-based virtualized and cloud environments that use SELinux-based sVirt
isolation technology. Similar to a Russian nesting doll, many Linux
containers are packed in a VM, many VMs in a hypervisor, and many
hypervisors in a secure cloud. The result is a fast, efficient, and
lightweight solution that is independent of underlying physical
hardware; ideal for the military embedded space.

Finally, by eliminating the overhead of a guest operating system for
every application, Linux containers enable increased densities of 10x
more applications than traditional virtualization. SWaP (size weight and
power) is decreased significantly and the need for traditional
virtualization is potentially eliminated, as containers can run natively
on bare metal with Linux.

The Docker factor

The need for containerized applications to use the same runtime stack
as the underlying system is now unnecessary with the open source Docker
project. That’s because Docker enables an application to run the same
Linux kernel as the underlying container host but use a wholly different
runtime stack:

Photo from Dave Egts

Docker also:

Provides the ability to package mission
applications and their user space runtime dependencies in a standard
format. This enables “golden image” warfighter applications to be shared
and deployed on Linux hosts from various vendors who also support
Docker.

Works with Linux container hosts running on
physical, virtual or cloud systems. Integrators can develop using agile
methods in their cloud and field containerized applications on tactical
bare metal appliances without the need of virtualized infrastructure.

Lets administrators layer containerized images
and put them in an app store-like registry. For instance, the U.S. Army
could develop a pre-STIGed
Linux container and publish it in an Army app registry for all
authorized government and integrator employees’ use. These images could
be extended to contain certified layered products and services for Java
application servers, Web servers, and more:

Photo from Dave Egts

Integrators could also develop applications based upon these
containers and publish them back into the Army registry for use and
remixing by the government and other integrators.

The Atomic option

Project Atomic provides an Atomic host that is actually a slimmed
down enterprise Linux distribution whose sole job is to run Docker
containers. Its name is derived from two plays upon words: “atomic,” for
a small footprint as discussed above, and “atomic operations,” which
must be performed entirely or not at all. Atomic hosts are compelling
for tactical environments because they enable containerized apps to be
uniformly “flashed,” or “reflashed” quickly if a system rebuilding or
updating. This is quite different from the traditional approach of
patching deployed systems, where configurations can drift from being
identical over time, making security measurement extremely difficult.

As the U.S. military continues its march toward virtualization, it
will need to operate in an environment that runs on more agile
solutions. Linux containers fit that bill nicely, enabling Defense
Department agencies to take full advantage of virtualization benefits.